Partial bitwise permutations
Publication number: US7237097B2
Authority: US
Grant status: Grant
Prior art keywords: register, bits, bit, instruction, used
Legal status: Active, expires
Classifications
 G06F9/30018—Bit or string instructions; instructions using a mask
 G06F9/30025—Format conversion instructions, e.g. Floating-Point to Integer, decimal conversion
 G06F9/30032—Movement instructions, e.g. MOVE, SHIFT, ROTATE, SHUFFLE
 G06F9/30036—Instructions to perform operations on packed data, e.g. vector operations
 C04B2237/366—Aluminium nitride
 G06F7/76—Arrangements for rearranging, permuting or selecting data according to predetermined rules, independently of the content of the data
Abstract
Description
This application is related to the following copending applications, each of which is being filed concurrently with this application and is incorporated by reference: (1) U.S. application Ser. No. 09/788,682, titled “Configurable Instruction Sequence Generation”; (2) U.S. application Ser. No. 09/788/670, titled “Binary Polynomial Multiplier”; (3) U.S. application Ser. No. 09/788,684, titled “Polynomial Arithmetic Operations”; and (4) U.S. application Ser. No. 09/788,685, titled “Extended Precision Accumulator”.
This invention relates to a technique for performing partial bitwise permutations in a microprocessor.
Reduced instruction set computer (RISC) architectures were developed as industry trends tended towards larger, more complex instruction sets. By simplifying instruction set designs, RISC architectures make it easier to use techniques such as pipelining and caching, thus increasing system performance.
RISC architectures usually have fixed-length instructions (e.g., 16-bit, 32-bit, or 64-bit), with few variations in instruction format. Each instruction in an instruction set architecture (ISA) may have the source registers always in the same location. For example, a 32-bit ISA may always have source registers specified by bits 16-20 and 21-25. This allows the specified registers to be fetched for every instruction without requiring any complex instruction decoding.
Cryptographic systems (“cryptosystems”) are increasingly used to secure transactions, to encrypt communications, to authenticate users, and to protect information. Many secret-key cryptosystems, such as the Digital Encryption Standard (DES), are relatively simple computationally and frequently reducible to hardware solutions performing sequences of XORs, rotations, and permutations on blocks of data.
In one general aspect, an instruction for performing partial bitwise permutations is provided in an instruction set architecture. The instruction includes an opcode identifying the instruction as a partial permutation instruction, and a permutation operation specification. The permutation operation specification includes a destination specifier identifying a destination register, a previous partial value source specifier, a destination subset specifier, and a control specifier. The destination subset specifier identifies one or more destination bits of the destination register, and the control specifier identifies a source for each of the identified destination bits. The instruction is processed by performing a partial bitwise permutation defined by the permutation operation specification.
Implementations may include a destination specifier that either implicitly or explicitly identifies the destination register. The destination register may be specified as an accumulator within a multiply/divide unit of a microprocessor and/or a general-purpose register. Likewise, the partial value source specifier may implicitly or explicitly identify a previous partial value source register. The previous partial value source register may be specified as an accumulator and/or a general-purpose register. Additionally, the destination register and the previous partial value source register may be identified as the same register.
In some implementations, the destination subset specifier identifies a contiguous block of bits within the destination register. The contiguous block of bits may include the least significant bit of the destination register. Various implementations may include 16 or more bits within the contiguous block of bits.
The control subset specifier may include one or more source bit identifiers, and may include a mask and a default bit. Additionally, the control subset specifier may be stored as a field within an instruction or may be stored in a general-purpose register.
Implementations may include providing a partial permutation instruction within a RISC instruction set.
The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from the description and drawings, and from the claims.
Some cryptographic operations, such as the Digital Encryption Standard (DES) (as well as several of the candidates for the Advanced Encryption Standard (AES) to replace DES), perform some degree of bitwise permutation of data values. These operations, which map poorly to conventional microprocessor instruction set architectures, often may be implemented efficiently in hardware. However, the National Institute of Standards and Technology is in the process of creating the new AES standard. Therefore, it is uncertain which algorithms will be used in the future. For at least this reason, it is desirable to provide a microprocessor with support for bitwise permutations that may be used to increase the performance of cryptographic algorithms such as block ciphers.
Referring to
Because some operations, such as floating point calculations and integer multiply/divide, cannot be performed in a single clock cycle, some instructions merely begin execution of an instruction. After sufficient clock cycles have passed, another instruction may be used to retrieve a result. For example, when an integer multiply instruction takes five clock cycles, one instruction may initiate the multiplication calculation, and another instruction may load the results of the multiplication into a register after the multiplication has completed. If a multiplication has not completed by the time a result is requested, the pipeline may stall until the result is available.
Referring to
Execution unit 2010 is the primary mechanism for executing instructions within processor core 2000. Execution unit 2010 includes a register file 2011 and an arithmetic logic unit (ALU) 2012. In one implementation, the register file 2011 includes 32 32-bit general-purpose registers that may be used, for example, in scalar integer operations and address calculations. The register file 2011 includes two read ports and one write port and may be fully bypassed to minimize operation latency in the pipeline. ALU 2012 supports both logical and arithmetic operations, such as addition, subtraction, and shifting.
The MDU 2020 includes three registers (ACX 2021, HI 2022, and LO 2023) that may be used for various operations. In accordance with one implementation, these three registers may be used together to hold up to a 72-bit value. In one implementation, LO register 2023 and HI register 2022 are each 32 bits wide and function as dedicated output registers of MDU 2020. In one implementation, ACX register 2021 provides 8 bits of additional integer precision beyond those provided by the HI/LO register pair. The precise number of bits is implementation dependent, with the preferred minimum size being 2 bits. For processors with 32-bit data paths, the preferred maximum size of the ACX register is 32 bits. In contrast, for processors with 64-bit data paths, the preferred maximum size of the ACX register is 64 bits. Hence, in a processor with 32-bit wide HI and LO registers, the combination of ACX/HI/LO can hold a 64-or-more-bit concatenated value. MDU 2020 may be used to perform various operations including some or all of the following instructions: DIV, DIVU, MADD, MADDU, MFHI, MFLO, MSUB, MSUBU, MTHI, MTLO, MUL, MULT, MULTU, MFLHXU, MTLHX, MADDP, MULTP, and PPERM.
The instructions MUL, MULT, and MULTU may be used to multiply two 32-bit numbers together. The result is stored in a specified register for MUL, and in the HI/LO registers for MULT and MULTU. For example, “MUL $7, $6, $5” multiplies the contents of registers $6 and $5 together and stores the result in register $7. The instruction “MULT $6, $5” multiplies the contents of registers $6 and $5 together and stores the result in the HI/LO registers. The MULTU instruction performs the same operation as MULT with MULTU applying to unsigned operands and MULT applying to signed operands. Additionally, the MULTU instruction clears the ACX register to all zeros.
The instructions DIV and DIVU perform division operations and store the results in the ACX/HI/LO registers. For example, “DIV $6, $5” divides the contents of register $6 by the contents of register $5 and stores the resulting remainder and quotient in the HI/LO registers. The DIVU instruction performs the same operation on unsigned operands.
The instructions MSUB, MSUBU, MADD, and MADDU may be used to multiply the contents of two registers and then add or subtract the resulting product with the contents of the ACX/HI/LO registers. For example, “MSUB $6, $5” multiplies the contents of registers $6 and $5 together, subtracts the result of the multiplication from the contents of the ACX/HI/LO registers, and then stores the resulting value in the ACX/HI/LO registers. The MADD instruction similarly multiplies the contents of two registers, adds the result to the ACX/HI/LO registers, and stores the result in the ACX/HI/LO registers. The MSUBU and MADDU perform the analogous operations to unsigned operands. In some implementations, the ACX register is not used for some operations and the contents of the ACX register following such operations may be undefined.
The MFHI, MFLO, MTHI, MTLO, MFLHXU, and MTLHX are used to move data between the ACX/HI/LO registers and general purpose registers. The first instruction, MFHI, loads the contents of the HI register into a general purpose register. For example, “MFHI $5” loads the contents of the HI register into register $5. Similarly, MFLO loads the contents of the LO register into a general purpose register. Conversely, the instructions MTHI and MTLO are used to load the contents of a general purpose register into the HI or LO registers. For example, “MTHI $5” loads the contents of register $5 into the HI register.
In one implementation, the content of the ACX register is not directly accessible. To indirectly access the ACX register, the values stored in the ACX/HI/LO registers may be shifted to the left or right. For example, “MFLHXU $5” shifts contents of the ACX, HI, and LO registers to the right by one register position, loading the contents of the LO register into register $5. Thus, after performing the operation, the ACX register is zero, the HI register contains the previous contents of the ACX register, the LO register contains the previous contents of the HI register, and register $5 contains the previous contents of the LO register. Because the contents of the 8-bit ACX register are loaded into a 32-bit register, the 8-bit value may be zero-extended to 32 bits before loading the HI register.
The MTLHX performs the inverse operation. For example, “MTLHX $5” loads the ACX register with the previous contents of the HI register, loads the HI register with the previous contents of the LO register, and loads the LO register with the contents of register $5.
The PPERM operation performs permutations as specified in a register, storing the result in the ACX/HI/LO registers. For example, “PPERM $5, $6” causes the ACX/HI/LO registers to be shifted 6 bits to the left. Then, the six low-order bits are selected from register $5 as specified by register $6. In particular, the 32-bit contents of register $6 are used to select which bits of register $5 will be used to fill the low-order bits of the ACX/HI/LO registers. Since there are 32 bits in register $5, 5 bits are needed to specify a specific one of the 32 bits. For example, “01101” is binary for the number 13. Thus, these five bits may specify bit 13. Similarly, “00000” is binary for 0 and “11111” is binary for 31. Thus, any one of the 32 bits may be specified using a 5-bit specifier, and 6 bits may be specified using 30 bits (i.e., 6 5-bit specifiers).
Register $6 may specify the bits of register $5 used to fill the low-order bits of ACX/HI/LO as follows: bits 0-4 are used to specify the source of bit 0, bits 5-9 are used to specify bit 1, bits 10-14 are used to specify bit 2, bits 15-19 are used to specify bit 3, bits 20-24 are used to specify bit 4, and bits 25-29 are used to specify bit 5. The remaining bits, 30-31, may be unused. Thus, the instruction is performed using the specifiers as described to fill the lowest 6 bits of the LO register with the specified bits from the register $5.
Finally, MULTP may be used to perform binary polynomial multiplication and MADDP may be used to perform binary polynomial multiplication with the result added to the ACX/HI/LO registers. These operations are analogous to MULT and MADD, but operate on binary polynomial operands.
The polynomial operands of MULTP and MADDP are encoded in 32-bit registers with each bit representing a polynomial coefficient. For example, the polynomial “x^{4}+x+1” would be encoded as “10011” because the coefficients of x^{3} and x^{2} are “0” and the remaining coefficients are “1”. The MULTP instruction performs binary polynomial multiplication on two operands. For example,
(x^{4}+x+1)(x+1) = x^{5}+x^{4}+x^{2}+2x+1.
Reducing the polynomial modulo two yields x^{5}+x^{4}+x^{2}+1. If the polynomials are encoded in the binary representation above, the same multiplication may be expressed as (10011)(11)=110101.
The MADDP instruction performs multiplication just as MULTP, and then adds the result to the ACX/HI/LO registers. Polynomial addition may be performed using a bitwise XOR. For example, the binary polynomial addition (x^{4}+x+1)+(x+1) yields x^{4}+2x+2. Reducing the coefficients modulo 2 yields x^{4}, which may be expressed as “10000”.
Referring to
The RThold register 3012 is connected to multiplexer 3022. Multiplexer 3022 produces a 16-bit result by selecting the high-order bits of RThold 3012, the low-order bits of RThold 3012, the high-order bits of the RT operand, or the low-order bits of the RT operand. The output from multiplexer 3022 is processed by Booth recoder 3040 and stored in register RTB 3042. Booth recoding is a technique that permits the multiplier array to treat signed and unsigned operands the same. The output of register RTB 3042 becomes the input SEL 3034 to array unit 3030.
Array unit 3030 is used to perform arithmetic and binary polynomial multiplication as described below with reference to FIG. 4. Array unit 3030 takes as inputs ACC1 3031, ACC2 3032, M 3033, SEL 3034, and RThold 3012. Inputs ACC1 3031 and ACC2 3032 are accumulated results used for operations that perform a multiplication and add or subtract the resulting value from an accumulated result. The inputs SEL 3034 (determined by register RTB 3042) and M 3033 (determined by register RShold 3010) form the operands for arithmetic operations. The inputs RThold 3012 (or the high-order or low-order bits of RThold 3012) and M 3033 (determined by RShold 3010) form operands for polynomial operations and permutations. Combinations of these inputs are used to perform various calculations as described in detail below.
Array unit 3030 also includes two outputs, ResultC 3035 and ResultS 3036. In performing arithmetic operations, carry-save adders (CSAs) may be used to build a multiplication array. Carry-save adders calculate sums and carries separately to produce two outputs. Thus, ResultC 3035 and ResultS 3036 represent, respectively, the carry and the sum outputs of a CSA multiplier array. In one implementation, ACC1 3031, ACC2 3032, ResultC 3035, and ResultS 3036 are each 72 bits long and the remaining inputs are at most 32 bits long. Inputs ACC1 3031 and ACC2 3032 may be selected using multiplexers 3037 and 3038.
Multiplexers 3050 and 3052 are used to select values as inputs to registers CPAA 3054 and CPAB 3056. For example, multiplexer 3050 may be used to select between ResultC 3035, the output of CPA 3058, or the output of multiplexer 3020 (i.e., operand RS or the output of RShold 3010). Similarly, multiplexer 3052 may be used to select between ResultS 3036, the value 0, and the output of multiplexer 3024 (i.e., operand RT or the output of RThold 3012). Registers CPAA 3054 and CPAB 3056 store the inputs to carry propagate adder (CPA) 3058. CPA 3058 may be used to complete multiplication operations (multiplies) and to perform iterative division operations (divides) as discussed below.
Register RDM 3060 stores the result of CPA 3058. Finally, multiplexers 3070 and 3072 select which values form the result to be loaded into registers ACX, HI, and LO. Multiplexer 3070 may be used to select the ACX/HI/LO registers, RDM 3060, or the result of CPA 3058. Multiplexer 3072 may be used to instead load various permutations of the result selected by multiplexer 3070. Multiplexer 3072 is used to perform various rotations and loads of the ACX/HI/LO registers by permitting selection of the following values (forming 72-bit values when concatenated): (1) ahl, the 72-bit output of multiplexer 3070; (2) arl, the 8 high-order bits of multiplexer 3070, the contents of RShold 3010, and the 32 low-order bits of multiplexer 3070; (3) ahr, the 40 high-order bits of multiplexer 3070 and the contents of RShold 3010; (4) hlr, the 40 low-order bits of multiplexer 3070 and the contents of RShold 3010; and (5) 0ah, the 40 high-order bits of multiplexer 3070 (with 32 leading zeros).
Some operations cause the values stored in the result registers ACX, HI, and LO to be overwritten. For this reason, a separate result register 3080 may be provided to store the high-order and low-order result without the accumulator ACX.
The data path described below includes six major parts: (1) input registering and selection; (2) Booth recoding; (3) multiplier arrays and permutation logic; (4) a carry propagate adder; (5) result registering and selection; and (6) a separate 32-bit output register for presenting results.
Input registering and selection is performed using the RShold and RThold registers to hold the RS and RT operands. Multiplexers select whether to use these operands directly or to use the registered versions. Booth recoding is performed on half of the RT operand at a time to provide inputs to the multiplier arrays and permutation logic.
Booth recoding is a technique that permits the multiplier array to treat signed and unsigned operands the same. This technique “recodes” operands as a subtraction from the next highest power of two. For example, 7 may be Booth recoded as follows: 8−1=1000_{2}−0001_{2}=100
One array of array unit 3030 performs arithmetic multiplication and one array of array unit 3030 performs binary polynomial multiplication. In one implementation, both arrays are 32 bits by 16 bits (32×16) and are used once or twice depending on the size of the RT operand (i.e., an appropriate array is used once when RT is 16 bits long and twice when RT is 32 bits long). The CPA may be used to complete multiplies and to perform iterative divides. Other implementations may include faster mechanisms for performing divides.
The arithmetic multiplication array may be implemented using any of the techniques described by Hennessy and Patterson in the incorporated “Computer Architecture: A Quantitative Approach.” For example, Appendix A of Hennessy and Patterson describes several ways to speed up arithmetic multipliers. Any of the described techniques may be used as a basis for the polynomial multiplication extensions described below.
Referring to
A multiplexer 4310 selects between the ResultS output of Marray 4100 and a zero to produce ResultS 3036. Multiplexers 4315 and 4320 select between the ResultC produced by M array 4100, the combination of 25 bits of ACC1 and the 47 bits of the Result produced by MParray 4200, and the results produced by permutation logic 4300 to produce ResultC 3035.
Referring to
Marray 4100 is implemented as a Wallace tree built from arrays of CSAs. The width of these arrays may vary. This design may be implemented using an automated place and route rather than using data path style. Because the accumulate value from the previous array pass is input late into the array, the accumulate value does not need to come directly from a register. Booth recoding is performed using the method of overlapping triplets to more efficiently process multiplications. The output of Booth recoding tells whether to add operand M multiplied by −2, −1, 0, 1, or 2 for each power of 4. The multiplexers on the top-level CSA inputs are used to select the corresponding multiple of M.
Marray 4100 accumulates eight products from the Booth recoding plus one special partial product. The latter may be used for 32-bit unsigned calculations using the “0” and “1×” choices from the multiplexers. Within the Wallace tree, operands may be sign-extended to properly accumulate 2's complement results.
Referring to
MParray 4200 multiplies two operands (e.g., OpA and OpB) using an array with each row formed by taking the AND of OpA and a bit of OpB. For example, the first row is the logical AND of OpA and bit 0 of OpB. Row two is the logical AND of OpA and bit 1 of OpB. The result of each successive row is shifted one bit to the left. The final result is formed by taking the exclusive-or (XOR) of each column. Because a bitwise XOR may be used to perform addition in binary polynomial arithmetic, an accumulator row may be added to array MParray 4200 to support instructions such as MADDP.
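The row-and-column structure of MParray, together with the MULTP/MADDP arithmetic worked through earlier, as an added C model (not code from the patent). The function names `multp` and `maddp` simply reuse the instruction mnemonics, only the HI/LO part of the accumulator is modelled, and each row is formed with an AND mask so the loop never branches on operand bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Binary polynomial (carry-less) multiply of two 32-bit operands.
 * Row i is OpA AND-ed with bit i of OpB, shifted left by i; the rows are
 * combined column by column with XOR, as described for MParray. */
static uint64_t multp(uint32_t op_a, uint32_t op_b)
{
    uint64_t result = 0;
    for (unsigned i = 0; i < 32; i++) {
        /* All-ones when bit i of OpB is 1, all-zeros otherwise. */
        uint64_t row_mask = 0 - (uint64_t)((op_b >> i) & 1u);
        uint64_t row = ((uint64_t)op_a & row_mask) << i;
        result ^= row;
    }
    return result;
}

/* MADDP model: multiply, then add to the accumulator. Polynomial addition
 * over GF(2) is XOR. The product of two 32-bit polynomials has degree at
 * most 62, so only HI/LO (modelled as one 64-bit value) are affected. */
static uint64_t maddp(uint64_t hilo, uint32_t op_a, uint32_t op_b)
{
    return hilo ^ multp(op_a, op_b);
}

int main(void)
{
    /* (x^4 + x + 1)(x + 1) = x^5 + x^4 + x^2 + 1, i.e. 10011 * 11 = 110101 */
    printf("multp(0x13, 0x03) = 0x%llx\n",
           (unsigned long long)multp(0x13u, 0x03u));
    /* Accumulating the same product twice cancels it (XOR addition). */
    printf("maddp(0x35, 0x13, 0x03) = 0x%llx\n",
           (unsigned long long)maddp(0x35u, 0x13u, 0x03u));
    return 0;
}
```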
Referring again to
The MDU 2020 is decoupled from the environment pipeline; it does not stall with the environment. That is to say the MDU 2020 will continue its computation during pipeline stalls. In this way, multicycle MDU operations may be partially masked by system stalls and/or other, non-MDU instructions.
Referring to
Referring to
In one implementation, target applications demand fast division. Many techniques may be used to increase the performance of division. For example, the Sweeney, Robertson, and Tocher (SRT) algorithm or some variation thereof may be used.
Referring to
In this implementation, the multiplier is pipelined. One multiplication may be run through the array unit and another through the CPA. Thus, the multiplier either transitions from ARR1 8020 or ARR2B 8040 to state CPA 8050 if there is no additional multiplication to perform, or begins a second multiplication. If no additional multiplication is needed, the multiplier is run through CPA 8050 and then either returns to IDLE 8010 or begins a new multiplication as discussed above.
If a second multiplication is ready to be performed when the first multiplication is ready to be run through the CPA, then the multiplier either transitions to CPA1 8060 (for a 32×16 multiplication) or CPA2A 8070 (for a 32×32 multiplication). In state CPA1 8060, the first multiplication is run through the CPA and the second multiplication is run through the array unit. The multiplier then transitions to state CPA 8050 to finalize the second multiplication.
If the second multiplication is a 32-bit multiplication, then in state CPA2A 8070 the first multiplication is run through the CPA and the second multiplication is run through the array unit. The multiplier then transitions to state ARR2B 8040 to complete the 32×32 multiplication. This pipelined approach allows 32×16 multiplications to be issued every clock cycle, with a two-cycle latency. Also, 32×32 multiplications may be issued every other clock cycle, with a three-cycle latency.
Referring to
Iterative division is performed in states DIV 9060 and DIVU 9070. Division may be performed by using a series of iterative add/subtracts and shifts. Finally, the remainders are finalized in states REM 9080 and REMU 9090. If either of the operands is negative, sign adjustment is performed in state SGN 9100.
Referring again to
For example, permutation logic 4300 may be used to execute the instruction “PPERM $5, $6”. Permutation logic 4300 uses 6 5-bit selectors determined by RThold 3012 to identify which bits to include as output from RShold 3010. For example, if register $5 contains the low-order bits “010101”, then the selector “00010” (corresponding to the low-order bits of register $6) would choose bit 2 (i.e., the third bit from the right) containing “1”. If RThold 3012 contains the low-order bits “0001000011” (corresponding to the 10 low-order bits of register $6), then bit 2 (containing a “1”) and bit 3 (containing a “0”) will be selected to yield “10”. Using this method, permutation logic 4300 may select bits from RShold 3010 to generate 6 bits based on RThold 3012. The resulting 6 bits are concatenated to the 66 low-order bits of ACC1 to form the result. This effectively shifts the 66 low-order bits of ACC1 six bits to the left and replaces the 6 low-order bits with the output of the permutation logic 4300.
The PPERM instruction discussed above is one technique that may be used to provide bitwise permutation support in hardware. In a strict mathematical sense, a bitwise permutation consists of an arbitrary reordering of an ordered group of bits within a register or a memory location, as a one-to-one mapping. Permutations as described herein may be more general operations in which one-to-many and one-to-none mappings are also possible. If enough hardware is used, any permutation may be performed in a single clock cycle. However, for anything other than a fixed permutation, a significant amount of state must be established before the permutation may be performed. For example, if bits from a 32-bit value are permuted into an expanded 48-bit value, each of the 48 destination bits requires 5 bits of data to indicate the corresponding source bit. Thus, 240 bits of state are needed to fully specify the operation. The amount of state required to specify a permutation may be reduced by reducing the number of destination bits that may be permuted. These partial permutation operations permit extensive permutations to be completed over multiple clock cycles while providing increased performance relative to shift-and-mask algorithms that may be used with unaugmented instruction sets. Partial permutation instructions may be provided that take inputs such as the following: (1) a subset of destination bits to permute into; (2) a description of the source of each bit in the subset of destination bits to permute into; (3) a previous partial value; and (4) a destination register.
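The PPERM behaviour described above (six 5-bit selectors in the control register, a 6-bit left shift of ACX/HI/LO) and the build-up of a 32-to-48-bit expansion from eight partial permutations can be modelled in C as follows. This is an added example, not code from the patent; `acc72_t`, `pperm`, `permute48`, the helper names and the sample expansion map are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model of the 72-bit ACX/HI/LO accumulator (8 + 32 + 32 bits). */
typedef struct {
    uint8_t  acx;
    uint32_t hi;
    uint32_t lo;
} acc72_t;

/* Model of "PPERM rs, rt": shift ACX/HI/LO left by 6 bits, then fill the six
 * low-order bits. Selector j occupies bits 5j..5j+4 of rt and names the bit
 * of rs copied into destination bit j; bits 30-31 of rt are ignored. */
static void pperm(acc72_t *acc, uint32_t rs, uint32_t rt)
{
    uint64_t hl = ((uint64_t)acc->hi << 32) | acc->lo;
    uint64_t field = 0;
    for (unsigned j = 0; j < 6; j++) {
        unsigned sel = (rt >> (5 * j)) & 0x1Fu;
        field |= (uint64_t)((rs >> sel) & 1u) << j;
    }
    /* The top six bits of HI move into ACX; ACX's own top bits fall off. */
    acc->acx = (uint8_t)(((unsigned)acc->acx << 6) | (unsigned)(hl >> 58));
    hl = (hl << 6) | field;
    acc->hi = (uint32_t)(hl >> 32);
    acc->lo = (uint32_t)hl;
}

/* Pack six source-bit indices (0-31) into one control word. */
static uint32_t pack_selectors(const uint8_t sel[6])
{
    uint32_t rt = 0;
    for (unsigned j = 0; j < 6; j++)
        rt |= (uint32_t)(sel[j] & 0x1Fu) << (5 * j);
    return rt;
}

/* Full 32-to-48-bit permutation as eight PPERMs (8 x 30 = 240 selector bits).
 * map[d] is the source bit for destination bit d. Each PPERM shifts earlier
 * output up by 6, so the most significant group is issued first. */
static uint64_t permute48(uint32_t src, const uint8_t map[48])
{
    acc72_t acc = {0, 0, 0};
    for (int g = 7; g >= 0; g--)
        pperm(&acc, src, pack_selectors(&map[6 * g]));
    return ((uint64_t)acc.hi << 32) | acc.lo;
}

/* Bit-at-a-time reference used to cross-check permute48(). */
static uint64_t permute48_ref(uint32_t src, const uint8_t map[48])
{
    uint64_t out = 0;
    for (unsigned d = 0; d < 48; d++)
        out |= (uint64_t)((src >> map[d]) & 1u) << d;
    return out;
}

/* Constructed sample map (an assumption, not a table from the patent):
 * output group g is source nibble g plus its two neighbouring bits, so some
 * source bits appear twice (a one-to-many mapping). */
static void make_expansion_map(uint8_t map[48])
{
    for (unsigned g = 0; g < 8; g++)
        for (unsigned j = 0; j < 6; j++)
            map[6 * g + j] = (uint8_t)((4 * g + j + 31) % 32);
}

static uint64_t expand48(uint32_t src)
{
    uint8_t map[48];
    make_expansion_map(map);
    return permute48(src, map);
}

static uint64_t expand48_ref(uint32_t src)
{
    uint8_t map[48];
    make_expansion_map(map);
    return permute48_ref(src, map);
}

/* One PPERM on a cleared accumulator; returns LO. */
static uint32_t pperm_low6(uint32_t rs, uint32_t rt)
{
    acc72_t acc = {0, 0, 0};
    pperm(&acc, rs, rt);
    return acc.lo;
}

/* ACX after one PPERM with zero operands, to show the shift across HI/ACX. */
static unsigned acx_after_pperm(uint8_t acx, uint32_t hi)
{
    acc72_t acc = {acx, hi, 0};
    pperm(&acc, 0, 0);
    return acc.acx;
}

int main(void)
{
    /* The text's example: rs ends in 010101, rt ends in 0001000011. */
    printf("low two bits: %u\n", (unsigned)(pperm_low6(0x15u, 0x43u) & 0x3u));
    printf("expand48(0xDEADBEEF) = 0x%012llx\n",
           (unsigned long long)expand48(0xDEADBEEFu));
    return 0;
}
```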
Destination bits may be specified in several ways, with varying degrees of economy. For example, destination bits may be specified in a free-form format with each destination bit using at least a 5-bit value to specify its position. Destination bits also may be specified as a contiguous group starting at an explicitly controlled bit, requiring at least 5 bits per instruction. Additionally, destination bits may be specified as a contiguous group starting at an implicitly controlled bit, with a full permutation operation being performed as a canonical instruction sequence.
The PPERM instruction provides a hardware implementation of partial bitwise permutations in a microprocessor multiply or multiply/divide unit. In addition to the PPERM instruction discussed above, several alternative implementations of partial bitwise permutations may be desirable.
Referring to
Referring to
The four source bit identifiers specify which bits of the input word (specified by rs) are used to replace the corresponding bits in the destination register (specified by rd). These source bit identifiers form a 4-bit field to be placed as specified by the destination nibble. For example, if source bit 0 is “00010”, then bit 2 of rs is the low-order bit of the 4-bit field. If rs contains “1010”, then a “0” (bit 2 is the third bit from the right) forms the low-order bit of the destination nibble.
The mask is used to specify whether to permute the corresponding source bit. For example, a mask of “00111” will only perform the permutations specified by source bits 0, 1, and 2. If the corresponding mask bit is 0, the default bit is used in the destination nibble. In this example, the mask bit corresponding to source bit 3 is a “0”, therefore the value of the default bit is used for the high-order bit of the destination nibble. The use of masks and default bits, wherein the default bit may be zero, one, or an indication that the value of destination bits unselected for permutation by the mask is to remain unchanged, is useful where the desired result value is the permutation of bits gathered from multiple source words. The value of all nibbles of the destination register not selected for the operation are copied from the previous partial value specified by operand rt.
Referring to
Because there is a mask or starting specifier used in this instruction format, the source register of the previous partial permutation is implicitly the destination register and the instruction implicitly performs a shift or rotate by two bits on the previous value before merging in the two additional bits from the source. The absence of a mask for bits whose values are not derivable from the current source (rs) register may be handled by using explicit shift/rotate instructions, and by using a single-bit partial permutation instruction.
Referring to
Referring to
Referring to
Referring to
Additional partial permutation implementations may increase the number of bits specified by using more than one control word operand. For example, one implementation uses an instruction encoding such as that described in
In addition to multiplier implementations using hardware (e.g., within a microprocessor or microcontroller), implementations also may be embodied in software disposed, for example, in a computer usable (e.g., readable) medium configured to store the software (i.e., a computer readable program code). The program code causes the enablement of the functions or fabrication, or both, of the systems and techniques disclosed herein. For example, this can be accomplished through the use of general programming languages (e.g., C, C++), hardware description languages (HDL) including Verilog HDL, VHDL, AHDL (Altera HDL) and so on, or other available programming and/or circuit (i.e., schematic) capture tools. The program code can be disposed in any known computer usable medium including semiconductor, magnetic disk, optical disk (e.g., CD-ROM, DVD-ROM) and as a computer data signal embodied in a computer usable (e.g., readable) transmission medium (e.g., carrier wave or any other medium including digital, optical, or analog-based medium). As such, the code can be transmitted over communication networks including the Internet and intranets.
It is understood that the functions accomplished and/or structure provided by the systems and techniques described above can be represented in a core (e.g., a microprocessor core) that is embodied in program code and may be transformed to hardware as part of the production of integrated circuits. Also, the systems and techniques may be embodied as a combination of hardware and software. Accordingly, other implementations are within the scope of the following claims.
Claims (36)
Priority Applications (1)
Application Number  Priority Date  Filing Date  Title
US09788683 US7237097B2 (en)  2001-02-21  2001-02-21  Partial bitwise permutations
Applications Claiming Priority (5)
Application Number  Priority Date  Filing Date  Title
US09788683 US7237097B2 (en)  2001-02-21  2001-02-21  Partial bitwise permutations
EP20020707785 EP1379939B1 (en)  2001-02-21  2002-02-15  Partial bitwise permutations
CN 02808631 CN100437467C (en)  2001-02-21  2002-02-15  Partial bitwise permutations
JP2002568190A JP3837113B2 (en)  2001-02-21  2002-02-15  Partial bit replacement
PCT/US2002/004427 WO2002069135A9 (en)  2001-02-21  2002-02-15  Partial bitwise permutations
Publications (2)
Publication Number  Publication Date
US20020116602A1 (en)  2002-08-22
US7237097B2 (en)  2007-06-26
Family
ID=25145241
Family Applications (1)
Application Number  Title  Priority Date  Filing Date
US09788683 Active 2022-08-05 US7237097B2 (en)  Partial bitwise permutations  2001-02-21  2001-02-21
Country Status (5)
Country  Link
US (1)  US7237097B2 (en)
JP (1)  JP3837113B2 (en)
CN (1)  CN100437467C (en)
EP (1)  EP1379939B1 (en)
WO (1)  WO2002069135A9 (en)
Also Published As
Publication number  Publication date  Type
JP3837113B2 (en)  2006-10-25  grant
CN100437467C (en)  2008-11-26  grant
EP1379939B1 (en)  2011-09-21  grant
WO2002069135A9 (en)  2003-10-09  application
EP1379939A1 (en)  2004-01-14  application
JP2004524621A (en)  2004-08-12  application
CN1503936A (en)  2004-06-09  application
US20020116602A1 (en)  2002-08-22  application
EP1379939A4 (en)  2008-08-20  application
WO2002069135A1 (en)  2002-09-06  application
Legal Events
Date  Code  Title  Description 

AS  Assignment 
Owner name: MIPS TECHNOLOGIES, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KISSELL, KEVIN D.;EKNER, HARTVIG W.J.;STRIBAEK, MORTEN;AND OTHERS;REEL/FRAME:012339/0882;SIGNING DATES FROM 20011015 TO 20011018 

AS  Assignment 
Owner name: MIPS TECHNOLOGIES, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KISSELL, KEVIN D.;PARALOGOS S.A.R.L.;MIPS TECHNOLOGIES INTERNATIONAL AG;REEL/FRAME:014267/0218;SIGNING DATES FROM 20030623 TO 20030627 

AS  Assignment 
Owner name: JEFFERIES FINANCE LLC, AS COLLATERAL AGENT, NEW YO Free format text: SECURITY AGREEMENT;ASSIGNOR:MIPS TECHNOLOGIES, INC.;REEL/FRAME:019744/0001 Effective date: 20070824 Owner name: JEFFERIES FINANCE LLC, AS COLLATERAL AGENT,NEW YOR Free format text: SECURITY AGREEMENT;ASSIGNOR:MIPS TECHNOLOGIES, INC.;REEL/FRAME:019744/0001 Effective date: 20070824 

CC  Certificate of correction  
AS  Assignment 
Owner name: MIPS TECHNOLOGIES, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JEFFERIES FINANCE LLC, AS COLLATERAL AGENT;REEL/FRAME:021985/0015 Effective date: 20081205 Owner name: MIPS TECHNOLOGIES, INC.,CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JEFFERIES FINANCE LLC, AS COLLATERAL AGENT;REEL/FRAME:021985/0015 Effective date: 20081205 

FPAY  Fee payment 
Year of fee payment: 4 

AS  Assignment 
Owner name: BRIDGE CROSSING, LLC, NEW JERSEY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MIPS TECHNOLOGIES, INC.;REEL/FRAME:030202/0440 Effective date: 20130206 

AS  Assignment 
Owner name: ARM FINANCE OVERSEAS LIMITED, GREAT BRITAIN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BRIDGE CROSSING, LLC;REEL/FRAME:033074/0058 Effective date: 20140131 

FPAY  Fee payment 
Year of fee payment: 8 